Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security user account registration, creation and management

Tags:

authentication

spring

jakarta-ee

spring-security

user-registration

I've been looking into using Spring Security for the authentication/authorization of my web application (this will be JDBC based).

However, a core component seems to be left out from my perspective. How do I register/create new users? Is there an out of the box API for that?

Do i need to write user registration and management from scratch? Things i need to do include: - Registering a new user - Resetting passwords - Emailing a user to activate their account - Emailing a user to reset their account.

Thank you in advance.

like image 910
Mo . Avatar asked Dec 21 '11 23:12

Mo .

1 Answers

I use Spring Security on my project. The framework does not have an API for user creation or registration as you asked. For Spring Security to be generic and usable across multiple frameworks, it can only take you so far before you have to write custom code. You can't really get a more specific answer about a framework or tool to use because at this point you will just use the frameworks you are already using anyway.

If you've set it up to use users and roles in your database, from your data access layer you would create a record in the user table or update a password (preferably stored as a hash) in that record. And as Aravind said, Spring does provide email support.

If you really want to see one way to do it: I'm using Spring MVC, JSP, and Hibernate. I use Spring's form tags in a JSP to bind a new user form to a Person object, and my controller method passes that Person object to my Dao to persist it.

The controller method signature looks like this...

@RequestMapping(value = "/newUser", method = RequestMethod.POST)
public ModelAndView createNewUser(final @Valid @ModelAttribute Person user,
                                  final BindingResult result,
                                  final SessionStatus status,
                                  final @RequestParam(value = "unencodedPassword", required = true) String password) {
        ...
        user.getRoles().add(new Role(user, Role.APPLICATION_ROLE.ROLE_USER));
        userDao.createNewUser(user);
        ...
}

and my PersonDao would use Hibernate to persist the user like so

@Transactional
public void createNewUser(Person user)
{
    Session session = sessionFactory.getCurrentSession();
    session.save(user);
    session.flush();
}
like image 189
Jason Avatar answered Sep 28 '22 01:09

Jason
Sign in to Comment

Related questions

Return a list, I already have a rowmapper implementation
Heroku cannot deploy Java 11 Spring Boot App [duplicate]
Spring RestTemplate to POST request with Custom Headers and a Request Object
Error in spring application context schema
Lombok with Spring Tool Suite 4
How to add context.xml file to embedded tomcat server
No JTA UserTransaction available - specify either 'userTransaction' or 'userTransactionName'
Send and receive files from FTP in Spring Boot
How to find all users subscribed to a topic in spring websockets
How can I use Spring Boot auto-configured beans in XML configuration files?
Store Java 8 Instant as BSON date using SpringData-MongoDB
Spring Batch resume after server's failure
Difference between Spring configuration inheritance and @Import
Spring Security HttpSecurity Configuration Testing
ZooKeeper for Java/Spring Config?
Spring RESTful Service as a WAR instead of JAR in Tomcat
How to add Query Hints to spring data jpa querydsl queries?
Spring Cache refreshing obsolete values

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!